How to build an external function login to phpBB forums

Today, I will show you how to build a function to log in a user from outside of the phpBB forums. Your forums has to be version phpBB3.

First of all, empty all files in the cache directory of your forums. Build a single file and name it something like login_from_outside.php and place it in the root of your forums directory.

Define a line to protect your file from hackers:
define(‘IN_PHPBB’, true);

Then include the following functions and common files from forums libraries. Remember to define the proper root path according to your server environment.
$phpbb_root_path = ‘./’; // this root path has to be according to your server path.
$phpEx = substr(strrchr(__FILE__, ‘.’), 1);
include($phpbb_root_path . ‘common.’ . $phpEx);
include($phpbb_root_path . ‘includes/functions_user.’ . $phpEx);

Then start the required sessions, so you can have all the values in hand.

// Start session management
$user->session_begin();
$auth->acl($user->data);
$user->setup();

If a user already logged in from another application, carry all the required sessions over including username, password, and email values. Those are required values for forums login function to work properly.
$my_username =       $_SESSION[‘username’];
$my_userpassword =   $_SESSION[‘userpassword’];
$my_useremail =      $_SESSION[‘useremail’];

/*
* Force user go to login page if they try to open this forum front-end page without login into previous application
*/
if(empty($my_username) || empty($my_userpassword)){
header(“location: /applications/”);
exit();
}

Next, build a hash encrypted password of a user to match the data in forums database.
$user_row = array(
‘username’=> $my_username,
‘user_password’=> phpbb_hash($my_userpassword), // using forum’s hash password
‘user_email’=> $my_useremail,
‘group_id’=> 2,
‘user_type’=> 0,
);

Now this is the fun part.
/*
* pass the username to this function to check if user exist in Forum users table
* return FALSE if user exist – TRUE if user not exists :>)
*/
$user_id_ary = array();
$rtn = user_get_id_name($user_id_ary, $user_row[‘username’], $user_type = false);

if(!$rtn){
// if user exists, automatically log them in to the Forum. Do not add user to users table any more.’;
log_user_in_from_outside();
}
else{
// if user not exists, add user to users & user_group tables; then automatically log him in to Forum
$rebuild_user_row = array(
‘username’=> $aw_username,
‘user_password’=> phpbb_hash($aw_userpassword),
‘user_email’=> $aw_useremail,
‘group_id’=> 2,
‘user_type’=> 0,
‘user_ip’=>$_SERVER[‘REMOTE_ADDR’],
);
$userid = user_add($rebuild_user_row, $cp_data = false);
log_user_in_from_outside(); //call the included function
}

Then you got to build a real function to be called to log user in. You can create a separate file and include that file using include_once or require_once function. You can also create a function in the same file. Either way that works best for you. To my opinion, writing a function in a separate file is a much more cleaner than in the same file. If you want to modify a function in the future, you can only change at 1 spot and not affect other codes or logic.

/*
*  This function will be called to automatically log user to the Forum from another application
*/
function log_user_in_from_outside(){
// remember to declare global variables before using them. Otherwise, you wouldn’t have the values ready
global $user, $auth, $my_username, $my_userpassword;

// this _SERVER function allows you to move your codes to different server without breaking the the logic.
$forums_host = ‘http://’.$_SERVER[‘HTTP_HOST’].’/forums’;

if($user->data[‘is_registered’]){
// if user didn’t login to other application yet, take him/her to the forums frontpage to log in
header(“location: $forums_host”);
}
else{
// insert data to users & user_group tables in forum DB; then log customer in the forum automatically
$result = $auth->login($my_username, $my_userpassword, True);

if ($result[‘status’] == LOGIN_SUCCESS){
header(“location: $forums_host”);
}
else{
header(“location: $forums_host/ucp.php?mode=login”);
}
}
}